Posts

Ensure Your Team is Working from Home Safely

(Published 4/21/20)


The rush to get your employees setup and working from home is over; now is the time to take a step back and make sure your team is working effectively and that you are protecting your data and that of your customers.

Here is a simple checklist:

Give Employees Business Software

If you have MS Office licensed through an Office 365 subscription, you have the ability to install each user’s license on multiple computers and devices. Use this licensing to make sure your team does not run into version compatibility issues.  If you have an Office 365 subscription, you can also ensure employees are logged into your domain/tenant and files are automatically backed up to OneDrive or SharePoint file systems.

Give Employees Endpoint Protection

If employees are using home computers for work, the non-work activity on that machine poses a malware and ransomware risk to your business.  Even if your employee has a consumer antivirus tool in place, you should layer next-gen, advanced threat protection.  Solutions like Webroot are designed to coexist with local protections. The solution also gives you control over the security footprint of machines accessing your systems and data.

Give Employees Web Filtering / DNS Protection

Between 20% and 35% of malware attacks originate from infected websites and DNS attacks.  Adding web filtering/DNS protection allows your employees and their families to safely surf without putting your business at risk.

Properly Configure Desktop File Sync Utilities

Whether using Office 365 or G Suite, enabling a desktop sync tool gives your employees seamless access to your cloud-based files. Rather than syncing, configure the agent to serve as a mapping tool. Files cache locally while in use for performance; data remains securely in your cloud; users have easy and familiar access.

Put a Policy in Place

Make sure you have an appropriate policy in place, to protect your employees and your business. We are sharing a simple draft policy you can use and adapt to your needs.

Partnering for G Suite Productivity with Our Top 9 Tips

G Suite productivity tipsGoogle Workspace (formerly G Suite) is more than an email, calendar, and simple file sharing service.  G Suite is a productivity suite that serves as a platform for a range of tools that helps your team, and your business, work more effectively. It is a cloud-based productivity suite developed by Google that includes a range of productivity tools and applications such as Gmail, Google Drive, Google Docs, Google Sheets, Google Slides, and more. See how you can maximize your business efficiency with our top nine G suite productivity tips and tricks below.

9 ways your team can be more productive with Google Workspace (G Suite):

  1. Share Files, Not Copies:
    Stop sending attachments. Stop wasting time figuring out if the copy of the file in your inbox, on your local drive, or on a shared folder is the most current. Whether you use Google Docs for creating documents, spreadsheets, and presentations or you continuing using Microsoft Office 365, Google Drive and Team Drives serves your files rather than just sharing them.  People share via link, so all comments, suggestions, and edits are made within a single copy of the file. Versioning keeps this orderly and gives you the ability to look back and compare.
  2. Serve Files, Not File Servers:
    Use Team Drives and Drive File Stream to provide users with “explorer” access to files from Macs, PCs, and local software. Store files under central ownership and managed permissions; avoid performance and capacity problems with unlimited storage. Allow team members to work remotely and securely on computers, tablets, and mobile devices without VPNs and remote desktop services slowing things down.
  3. Communicate, Don’t Just Text:
    Most laptops now have microphones, speakers, and Bluetooth features similar to your smartphones and tablets. Have face to face conversations using Hangouts Meet instead of long email threads, phone tag, or text messaging. Communication is 55% non-verbal. Let your employees see and hear each other, your vendors, and your customers. You can share screens to live document reviews and discussions. Why pay extra for a conferencing service?
  4. Collaboration, Don’t Just Comment:
    True, Google Docs allow contributors to comment and suggest edits. You can also collaborate in real-time or as each participant is able. Version history lets you look back at who contributed, when, and where. You can name versions to track official revisions or specific working copies of documents.
  5. Schedule Productivity, Not Just Appointments:
    Your personal and shared calendars track your time as well as project or team activities. Resource calendars let you book rooms or any scheduled resource. Integrated with Hangout Meets, automatically include voice and video conferencing for the human touch. Integrated with Chrome for Meetings and you have 1-click video conferencing with screen sharing in your conference rooms.
  6. Manage Customer Relationships, Not Data:
    Integrated CRM applications, automatically pull person and company data into your CRM records and automatically track inbound and outbound emails with your prospects. Side panel gives you “pane of glass” access and context from within your Gmail inbox.
  7. Manage Communications, Not Data:
    Integrated sales and marketing tools, empower you team to better manage marketing, sales, and service communications without leaving your Gmail inbox.  Templates, mail merge, and tracking save time and energy as you drive your sales pipeline forward.
  8. Automate Tasks, Not People:
    Automate workflows and repetitive tasks, and build simple apps to boost productivity with AppMaker. The Low-code/no-code tool means you don’t need a cadre of programmers. Free up task time for more valuable activities.
  9. Protect Your Business; Not Just Data:
    Compliant archiving and e-discovery covers your email communications and your documents. Integrated solutions provide third party backup/recovery protection from accidental or intentional damage and loss. Cloud-to-cloud backup is less costly and requires less admin effort than traditional file server protection services.

Get the most value from your G Suite platform:

Our final G suite productivity tips include actionable ways to help your team ensure its workflow is up to date.

  • Verify you are on the right version of G Suite, with the capabilities that best meet your needs
  • Help your team learn how to use the G Suite apps to their fullest
  • Integrate 3rd party solutions for line of business needs, such as marketing, sales, and service

Please contact us for a free Cloud Advisor session to discuss getting the most value from G Suite.


 

Celebrate Data Privacy Day with a Free Workshop

Privacy RefYou may or may not know that International Data Privacy Day is January 28.  To celebrate, our strategic partner, Privacy Ref, is offering a free 2 hour workshop on Privacy Program Fundamentals.

Join us on January 25, 2017 from 1:00 to 3:00 PM EST for this valuable session.

Topics to be covered include:

  • Defining privacy
  • Foundational privacy concepts
  • Components of a privacy program
  • Privacy frameworks
  • Managing privacy risk
  • Metrics for privacy
  • Training & awareness activities

Please click here to register!


Interested in ensuring your business is protected?  Explore our Privacy Solutions, including our Privacy Assessment and Planning and our Privacy Training services.


 

The Cost of Ransomware

The cyber criminals behind ransomware see their efforts as a volume business.  Charge too much, and victims will not pay. Targeting businesses and organizations in wealthier countries and in cities where people and businesses are most likely able to pay, the typical ransom is often about $500.  More recently, we have heard of ransoms between 1 and 2 bitcoin (about US$600 to US$1300).

The Ransom Payment is Only Part of the Cost

The cost of ransomware can vary significantly depending on several factors, including the size and type of the targeted organization, the extent of the attack, the data that is compromised, and the specific ransom demands. It is challenging to determine a typical cost as each incident is unique. However, the costs associated with a ransomware attack can include:

  1. Ransom Payment: The primary cost is often the ransom amount demanded by the attackers, which can range from a few hundred to millions of dollars.
  2. Recovery and Remediation: Organizations affected by ransomware must invest in forensic investigation, data recovery, system restoration, and strengthening their security infrastructure. These costs can include IT services, incident response teams, and cybersecurity consultants.
  3. Downtime and Productivity Loss: Ransomware attacks can result in significant disruption to business operations, leading to lost productivity, missed opportunities, and potential reputational damage.
  4. Legal and Regulatory Consequences: Organizations may incur legal fees and potential fines if the attack involves compromised customer data or violates data protection regulations.
  5. Reputational Damage: Ransomware attacks can erode customer trust and damage a company’s reputation, potentially leading to long-term financial consequences.

Every victim loses productivity from the start of the attack until it is fully resolved. Whether or not you pay, you still need to conduct a full sweep of all of your systems to ensure the ransomware has been removed. Otherwise, you risk reinfection.

Organization Who Pay the Ransomware Cost

For organizations respond and pay the ransom, they still suffer the time and cost of decrypting and validating files, a process that can consume days or weeks of IT resources. If you choose not to pay, you have the cost of recovering data from before the attacks and re-creating lost information across all of your servers, systems, and applications. We recently spoke with a company that lost less than 6 months of data. After three months, they are still working to recreate lost files and transactions as they have no way of knowing if they have missed any.

A ransomware attack can cost tens of thousands of dollars to clean up. Attacks may also damage valuable customer and vendor relationships and result in higher bookkeeping, accounting, and legal fees.

The Cost to Prevent a Ransomware Attack

The costs associated with cyber protection and prevention and the ability to recover quickly (should an attack breach your defenses) is relatively minor. The value of prevention and preparation is well worth the cost.

Organizations should invest in proactive cybersecurity measures to mitigate the risk and potential cost associated with ransomware attacks.

Learn more

You can protect your business against ransomware attacks. In our new eBook, a Business Guide to Ransomware, you will learn how malware spreads, the different types of ransomware proliferating today, and what you can do to avoid or recover from an attack. Hiding your head in the sand does not work, because today’s ransom seekers play dirty. Make sure your organization is prepared.


For a 1:1 consultation and assessment of your risk, contact us today.


A Better Cloud Admin Solution

BetterCloud Logo
With over 200 new features add yearly, the capability of Google Apps is growing in features and capabilities. Across our customer base, we see adoption and use of these features by individuals and teams growing as well.

You want and need to understand how Google Apps is being used, and working, for your business. With more collaboration and data in the cloud, you want to ensure that documents are properly shared, with appropriate privacy and protections. At the same time, we want to keep administration simple and efficient.

We have a solution:

BetterCloud recently release a new tiered service designed to solve each of these issues, and you can try it for free.

BetterCloud Basic is a Domain Health Center for your Google Apps domain, letting you monitor activity, define alerts, and analyze usage.

BetterCloud Pro is a robust suite of administration and management tools for Google Apps that simply admin tasks with an expanded set of controls that save you time and effort.

BetterCloud Enterprise adds auditing, discovery, compliance, and data loss prevention features, giving you the ability to monitor, manage, and mitigate data permissions and exposures in real time.

 

You can try BetterCloud for free, and without obligation.  Here’s our offer:

We will …

  • Install BetterCloud Basic for free in your Google Apps domain
  • Activate a no-obligation, 30 day trial of the BetterCloud Enterprise and Pro Features
  • Over the course of the free trial, we will highlight and demonstrate key features, including running a basic data security audit report for your review

At the end of the the trial, you decide if the cost/benefit of BetterCloud Pro or Enterprise is appropriate for your domain, and we will keep you subscribed. If not, you can keep using BetterCloud Basic for free.

To keep it simple, you can request the trial with two clicks.  Click here* to open a request email, then click Send.  Our team will promptly respond and activate your free trial.


*If you purchased Google Apps directly from Google, or another partner, we can still provide the trial. We also offer license discounts and other incentives for moving your account over to us. Contact us if you are interested in the savings and/or our services.


 

USPS Data Breach: What SMBs Can Learn


As a small or mid-size business, you probably do not worry about hackers and data breaches. Your information is safely stored in-house or in a secure cloud service.  You do not have trade secrets or intellectual property coveted by foreign governments or industry. You accept credit cards, but those transactions are processed, saved, and secured by the credit card processor … you do not even have credit card numbers in your files or systems. It is not unreasonable for you to think that you are not a data breach target.

You are wrong.

The recent data breach at the US Postal Service should, however, serve as a wake up call. Hackers breached USPS systems not for customer data or credit card information; the hackers stole HR records for hundreds of thousands of postal employees and retirees (customer data was just a bonus). And, while the hackers were not able to go on an immediate debit-card spending spree, they captured all of the data necessary to steal identities — names, addresses, social security numbers, and more.

Regardless of your size, any personally identifiable information in your possession is an incentive for criminals. And you don’t need to be big to be caught. A stolen laptop, compromised account, or lost USB stick can enable data breaches in systems you think are secure.

Malware is the inbound marketing tool for hackers and identity thieves. 

When malware spreads, it makes its way onto business computers that the hackers may never have known existed. Malware often sits in wait, capturing passwords or other information and communicating the information to servers half way around the world. Hackers can then use this information to assess the value of the target and to gain more access to even more data. Hackers may also sell this information to other criminals.

Your business needs protection in place, and awareness of the scope of the problem is the first step.  Permissions monitoring and management, web filtering, device protection, endpoint protection, mobile device management, and user data protection may all be components of your solution.


Please contact us for a complimentary review of your current data protection coverage.

 

Restore Google Drive Files Offers Some (but not enough?) Protection

google drive
Among the myriad of new features and upgrades announced at Google I/O this week, Google added the ability to restore users’ Drive files that have been deleted from the Trash folder.

While offering some protection, the feature is limited in its scope.

  • You cannot restore individual files; you can only restore all files deleted within a date range you provide.  The minimum date range is 1 day (24 hours).
  • You can only restore files for individual users, one at a time.
  • You can only restore files that were deleted from Trash within 25 days.
  • When restoring files, the permissions are not restored.  Only the user will have access to the files.

With these limitations, we do not expect the ability to restore a user’s Google Drive files will be of great use to most organizations.  With a limited retention period and lack of granularity, the tool provides a big shovel when most users need a spoon.

The solution also depends on users’ ability to recover information from the Trash folder, a process we find difficult at times due to the limited ability to search Trash in Drive.

True backup/recovery solutions give users and administrators that critical features that deliver more usability and effectiveness:

  • Flexible retention:  Allow organizations to implement policies related document and records management, including extended retention and removal of data past retention windows.
  • File-Level / Item-Level Restore: Most data loss and restore needs result from human error or action and impact fewer than 5 files.  Acceptable restore capabilities include the ability to restore individual files (or entire accounts) and should include the ability to select file by version or point in time.
  • Protect Meta Data:  Protect the meta data as well as the files themselves.  File ownership, permissions, etc. should be preserved and recoverable with the file.
  • Data Export:  Provide the ability to export data so that it may be migrated to other accounts and/or other systems.
  • Administrative Control:  Identify and allow backup/restore administrators that are not full domain administrators.

Absent many of these features, the ability within Google Apps to restore a user’s Drive files is a limited feature that will not meet most organizations’ needs for data protection.

Third party backup/restore solutions are still a necessary and appropriate component of a robust Google Apps environment.

Feel free to contact us if you would like to explore backup/recovery options and solutions.

Surprising Stats on Cloud Data Loss

Yes, you can lose data in the cloud!

Our friends at Backupify recently conducted a study, Protecting Data in the Cloud: The Truth About SaaS Backup, which revealed some very interesting results based on how IT perceives the safety and security of their cloud-resident data.

54% of IT professionals have implemented some form of SaaS applications

81% of IT pros that use or plan to use SaaS apps categorize the data stored in their SaaS apps as “very to extremely important”

52% of IT pros don’t currently back up their SaaS data (or even plan to)

79% of IT pros believe their SaaS application is being backed up by their solution provider

1 out of 3 companies using SaaS lose data

47% of SaaS data loss occurs from end-user deletion

17% of SaaS data loss occurs when an employee overwrites data

13% of SaaS data loss occurs when a hacker deletes data

47% of IT pros back up SaaS data with a manual export

15% of IT pros back up SaaS data with cloud-to-cloud backup

If you want to learn more about protecting your SaaS and cloud data, please send us a note.

Note: This post is based on a Backupify Blog Post, which you can see here.

 

Picking a Backup Solution is Missing the Point!

Data Protection
A 2013 study by The 2112 Group titled “”2013 State of Cloud Backup” found that small and mid-size interest in robust backup solutions more than triples after a significant data loss event, only 54% of SMBs felt that improved data recovery, business continuity, and IT reliability were sufficient motivators to deploy a new or improved solution.

Our perspective, is that focusing on backup misses the point entirely!

As we have blogged in the past: backup is easy; recovery is hard.  More accurately, the ability to recover and restore defines the value proposition.  Everything else about “backup” solutions — including the technology and methods — is irrelevant until you define the value of recovery and restore.

Stop thinking about Backup!  Instead, think about:

Continuity:  The ability for you company to continue to operate at an appropriately effective level during events that disrupt normal operations.   For some businesses, this means zero downtime.  For others, answering the phones and access to email may be sufficient for hours or days, or as an interim state until line of business systems come back online.  Still other businesses may need all systems up and running with 1 or 2 business days.

Recovery:  The ability to gain access to data and systems that became unavailable due to damage or failures.  Whether your disk array fails, a pipe bursts above your servers, or a virus eats through your files, recovery requires repair or replacement before systems and data can be restored.

Restore:  The ability to retrieve a prior version of data or a system.  Most restores are a result of user action or minor system issues.  How far back you need to go and the availability of past versions defines how long it will take to both retrieve the information and for the user to replace lost work, if any.  For some, a daily version meets the need.  For others, going back a day means resource-consuming rework so multiple versions each day are appropriate.

Focus on a building a Data Protection Solution and your required “Return to Operation” (RTO) time.  Remember that different parts of your business, different systems, may have different RTO requirements.

  • Assess your continuity, recovery, and restore needs and priorities
  • Understand the likely and not-so-likely risks to your systems and your business and create a “use case”.
  • Looking at each use case:
    • Identify changes to your IT infrastructure that could mitigate risk
    • Identify the type of solution that can provide the needed continuity, recovery, and restore services
  • Collate the use cases and solution types as your requirements

With requirements in hand, evaluating data protection solutions, technologies, and services becomes a manageable process.  Keep in mind, the data protection solution may include a mix of backup/restore, backup/recovery, archiving, disaster recovery, and other components.

 

Cloud File Sync & Sharing: Risks and Solutions (Part 3)

Secure Cloud
This blog post is the third in a series on the data risks and solutions available for file sync and sharing services.

In the first two posts in this series, we focused on some of the risks and basic concepts for file sync and sharing services.  In this post, we focus on ways to mitigate risks.

Provide Employees with an Approved File Sharing Service. As we have noted in our prior posts, if you do not provide an approved service, employees will sign up for and use one of their own.  The difference?  With an approved services, you have access to your employees’ data and clear ownership of the information.  You can also monitor and manage for adoption, usage, and (if desired) adherence to policies.

Have a Clear Policy. Let employees know that personal and company data and systems are to remain separate, and why.  Provide a list of approved file sharing and sync services, as well as a clear an concise statement which other services may not be used (i.e., all others) and why.  The policy should include consequences for violations, along with a means for approved exceptions.

Block or Blacklist Unauthorized Tools. For many organizations without decent web filtering services in place, this recommendation will be difficult to implement.

Audit Workstations for Unauthorized Use.  Beyond application monitoring, when you scan workstations for application inventories, look to see if sync service agents have been installed.

With a moderate planning effort and reasonable monitoring and enforcement efforts, businesses can take advantage of the conveniences that file sharing and sync services offer, without exposing data to unnecessary risk and loss.

 

library

Google Workspace Encryption

Whitepaper | Source: Google —
Security is a key consideration for organizations that choose Google Workspace. This paper describes Google’s approach to encryption and how it keeps your sensitive information safe.

Google Security Whitepaper

Whitepaper | Source: Google — Google fully understands the security implications of the cloud. Google services deliver better security than on-premises solutions.

Securing Your Digital Transformation

eBook | Source: Cumulus Global

SaaS Protection Buyer’s Guide

eBook | Source: Cumulus Global